

Site Security Planning


Constant Vigilance

Effective security planning requires you to monitor and report all significant security-related events. It also requires that you audit the reports from systems administration in a timely fashion. Planning leads to security policies and standards that support effective monitoring and review.

Develop security plans that, at a minimum, require you to thoroughly monitor the following events and situations inside and outside the site:

  • All security-related network events, such as resource access activities and logon attempts

  • New users and changes to user network authentication status

  • Reports of employees who are to be terminated

  • Changes in authorization (access control) to site directories and files

  • The addition of, or changes to, organizational firewalls and network-wide authentication systems

  • Forums that report on discovered network security holes for the systems in place at your site, as well as fixes for them

  • Problem and incident reports from the Internet community

It cannot be overemphasized that the systems and applications you install will contain bugs that will likely be discovered elsewhere in the Internet community before you know about them. Your vendors and the Internet community security forums will broadcast news as these problems surface and as solutions are developed. Security policy must include the practice of diligently monitoring the forums that provide this information, as well as the fixes for these problems.

Here are two examples of forums that effectively track bugs and fixes for major network operating systems:

  • For UNIX systems: bugtraq. To subscribe: send a message to listserv@netspace.org; no subject; in the message area type subscribe bugtraq .

  • For Windows: ntbugtraq. To subscribe: send a message to listserv@listserv.ntbugtraq.com; no subject; in the message area type subscribe ntbugtraq .